Enforcer Homepage

2004-04-09: Version 0.4 Beta available for download
(Debian/unstable packages available).2003-12-08: Version 0.3 Alpha available for download.2003-09-08: Version 0.2 Alpha available for download.

ABOUT

The Enforcer is a Linux Security Module designed to improve integrity
of a computer running Linux by ensuring no tampering of the file
system. It can interact with TCPA hardware to provide higher levels of
assurance for software and sensitive data.

It can check, as every file is opened, if the file has been changed,
and take an admin specified action when it detects tampering. The
actions can be any combination of log the error, deny access to the
file, panic the system, or several operations that work with the TPM.

The Enforcer can also work with the TPM to store the secret to an
encrypted loopback file system, and unmount this file system when a
tampered file is detected. The secret will not be accessible to mount
the loopback file system until the machine has been rebooted with
untampered files. This allows sensitive data to be protected from an
attacker.

The Enforcer can also bind specific files so that only specific
applications can access them (for example, only apache is allowed to
access apache's secret ssl key). This means that even if someone
compromises your system, the attacker will not be able to steal
critical files.

Finally, the Enforcer can make sure that no files added to directories
after its database is built are allowed to be accessed.